Tuesday, October 16, 2018

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: October 15, 2018

Wapack Labs identified connections from 62,111 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

WWW.WAPACKLABS.COM
This TLP AMBER report is available only to Red Sky Alliance members.

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: October 15, 2018 

On 15 October 2018, Wapack Labs identified 60 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Triout Spyware Framework

Researchers at Bitdefender have identified a new Android malware titled, Triout which acts as a framework for turning legitimate applications into spyware.  It is used to inject extensive surveillance capabilities into seemingly benign applications.  Triout is found bundled with a repackaged app; with capabilities including recording phone calls, logging incoming text messages, recoding videos, taking pictures and collecting GPS coordinates. Then broadcasting all of that back to an attacker-controlled C2 (command and control) server.  The sample’s first appearance seems to be 15 May 2018, when it was uploaded to VirusTotal.

To read the full article and find an archive of related reporting follow this link to READBOARD.

Wednesday, October 10, 2018

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: October 9, 2018 

On 9 October 2018, Wapack Labs identified 206 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: October 9, 2018

Wapack Labs identified connections from 208,784 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

WWW.WAPACKLABS.COM
This TLP AMBER report is available only to Red Sky Alliance members.

Wednesday, October 3, 2018

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: October 1, 2018 

On 1 October 2018, Wapack Labs identified 58 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Monday, October 1, 2018

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: October 1, 2018

Wapack Labs identified connections from 68,594 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

WWW.WAPACKLABS.COM
This TLP AMBER report is available only to Red Sky Alliance members.

Wednesday, September 26, 2018

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: September 24, 2018 

On 24 September 2018, Wapack Labs identified 44 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Wednesday, September 19, 2018

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: September 19, 2018 

On 19 September 2018, Wapack Labs identified 37 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: September 17, 2018

Wapack Labs identified connections from 10,200 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

WWW.WAPACKLABS.COM
This TLP AMBER report is available only to Red Sky Alliance members.

Sunday, September 16, 2018

Motor Vessel (MV) Impersonation

Wapack Labs conducted a CTAC collection for malicious activity, analyzing all data containing Motor Vessel (MV) in the subject line of malicious emails. Email subject line Motor Vessel (MV) impersonation is a common TTP for attackers targeting the maritime industry. Wapack Labs is providing this monthly list of Motor Vessels in which Wapack Labs directly observed the vessel being impersonated, with associated malicious emails. 

A few 'MV' examples:

  • MV AMIS WISDOM III //CIF, KEELUNG// Bunker & Ship Charter - Seen 16 times
  • RE: MV MODULUS 5 - CARGO: 2106.505 MTS STEEL SCRAP IN BULK - Seen 5 times
  • MV PAPAYIANNIS - Requisition - Seen 3 times
  • MV TS Honour - voy 180XXXX - Appointment of Agency for Load - Seen 3 times
  • MV TS Honour - voy 180XXXX - Appointment of Agency for Load Assistance and Agreement - Seen 3 times

Would you like to read the full Motor Vessel (MV) Impersonation article, get all the related specifics? A PDF will be available on the complimentary CHANNEL 001 Webinar, this upcoming Wednesday, September 19th. Topic: The Missing Link in the Supply Chain, Presented to you by Wapack Labs and Chris Hall, Co-Owner and Principal Engineer at Wapack Labs.


Contact Wapack Labs for more information:

1-844-492-7225, or info@wapacklabs.com

WWW.WAPACKLABS.COM

Friday, September 14, 2018

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: September 12, 2018

Wapack Labs identified connections from 76,077 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
 
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

WWW.WAPACKLABS.COM
This TLP AMBER report is available only to Red Sky Alliance members.

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: September 12, 2018 

On 12 September 2018, Wapack Labs identified 81 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Thursday, September 13, 2018

CHANNEL 001:CYBER BRIEF: The Missing Link in the Supply Chain Webinar

Introducing a NEW Wapack Labs Monthly Cyber Brief Webinar Series - called 'Channel 001'. We will host a webinar every month on prevailing cyber topics. These webinars are open to everyone and are free to attend. First up, we have a Supply Chain webinar - 'The Missing Link in the Supply Chain'.

September 19th, 10:00 AM EDT REGISTER NOW


In recent years, the global supply chain has become the new "playground for hackers". With chain inherently having numerous links (from suppliers to manufacturers to distributors), the number of potentially exploitable relationships makes it an attractive target. This presentation includes the 'how' and the 'why' of supply chain attacks and describes several notable malware campaigns affecting supply chain in multiple industries.

Viewers will:
• Understand the basic nature of cyber supply chains
• Gain insight into cyber supply chain vulnerabilities
• Learn how to begin protecting our cyber supply chains 


Your presenter Chris Hall, Co-Owner and Principal Engineer at Wapack Labs, has been in the intelligence community for over 18 years in various capacities including SIGINT, network defense, reverse-engineering, and fusion. In 2012, Chris moved from the government to the private sector to help form the Red Sky alliance and then co-found Wapack Labs in 2013. As a partner at Wapack Labs, Chris's main responsibility is to oversee the production, sourcing, and collection of intelligence.

Please join us for this webinar and many more to come. September 19th, 10:00 AM EDT.

REGISTER NOW


Contact Wapack Labs for more information:
603-606-1246, or info@wapacklabs.com 


WWW.WAPACKLABS.COM